Back to all articles
Phishing

The History of BEC Against Major Companies

Jun 04, 2026

The History of BEC Against Major Companies
Business Email Compromise (BEC) is a form of fraud where attackers gain control of or impersonate a company email account—often belonging to an executive or a trusted employee. They attempt to deceive others into sending money or sensitive information. This method has caused massive financial losses; in the U.S. alone, reported losses reached $2.8 billion in 2024. A notable case is the invoice fraud targeting Facebook and Google between 2013 and 2015. A Lithuanian citizen, Evaldas Rimasauskas, set up a fake company in Latvia that mimicked Quanta Computer, a legitimate hardware supplier that worked with both tech giants. He sent forged invoices and emails, convincing employees at Facebook and Google to pay for services and products that were never delivered. The scam relied on the trust these companies had in their supplier relationships and their internal payment processes. As a result: Google lost approximately $23 million. Facebook lost approximately $98 million. Rimasauskas was extradited to the U.S., where in 2019 he pleaded guilty to wire fraud and agreed to forfeit $49.7 million. He faced a sentence of up to 30 years in prison. This case proves that high-level phishing does not just strike ordinary individuals; it impacts global corporations by exploiting trust and standard business practices. For businesses, this underscores the critical importance of: Employee Training: Learning to recognize sophisticated fraudulent emails. Payment Verification: Confirming any request for funds through secondary channels. Vendor Management: Implementing strict controls over supplier relationships and invoice processing.

References

https://sl.bing.net/gKqwGlp8ivA
https://learn.g2.com/most-common-phishing-attacks#bec